1 General storage protection techniques: Securing distributed storage: challenges, techniques, and systems
Vishal Kher, Yongdae Kim

November 2005 Proceedings of the 2005 ACM workshop on Storage security and survivability StorageSS '05
Publisher: ACM Press 




The rapid increase of sensitive data and the growing number of government regulations 
that require longterm data retention and protection have forced enterprises to pay serious 
attention to storage security. In this paper, we discuss important security issues related 
to storage and present a comprehensive survey of the security services provided by the 
existing storage systems. We cover a broad range of the storage security literature, 
present a critical review of the existing solutions, compare ... 



Keywords: authorization, confidentiality, integrity, intrusion detection, privacy 



2 Password Management and Digital Signatures: Delegation of cryptographic servers for capture-resilient devices
Philip MacKenzie, Michael K. Reiter

November 2001 Proceedings of the 8th ACM conference on Computer and Communications Security CCS '01

Publisher: ACM Press 


A device that performs private key operations (signatures or decryptions), and whose 
private key operations are protected by a password, can be immunized against offline 
dictionary attacks in case of capture by forcing the device to confirm a password guess 
with a designated remote server in order to perform a private key operation. Recent 
proposals for achieving this allow untrusted servers and require no server initialization per 
device. In this paper we extend these proposals to enable dynami ... 

3 Improved proxy re-encryption schemes with applications to secure distributed storage
Giuseppe Ateniese, Kevin Fu, Matthew Green, Susan Hohenberger

February 2006 ACM Transactions on Information and System Security (TISSEC), volume 9 Issue 1
Publisher: ACM Press


In 1998, Blaze, Bleumer, and Strauss (BBS) proposed an application called atomic proxy 
re-encryption, in which a semitrusted proxy converts a ciphertext for Alice into a 
ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure 
re-encryption will become increasingly popular as a method for managing encrypted file 
systems. Although efficiently computable, the wide-spread adoption of BBS re-encryption 
has been hindered by considerable security risks. ... 

Keywords: Proxy re-encryption, bilinear maps, double decryption, key translation 



4 Cryptographic key management
Dahl A. Gerberick 

May 1990 ACM SIGSAC Review, volume 8 issue 2 
Publisher: ACM Press 


There are two main issues concerning data security on networks: controlling access and
the vulnerability of data communication links. A brief introduction to the various
techniques which may be applied to these concerns is given in this paper.

5 Distributed PIN verification scheme for improving security of mobile devices

Jian Tang, Vagan Terziyan, Jari Veijalainen 

April 2003 Mobile Networks and Applications, volume 8 issue 2 

Publisher: Kluwer Academic Publishers 


The main driving force for the rapid acceptance rate of small sized mobile devices is the 
capability to perform e-commerce transactions at any time and at any place, especially 
while on the move. There are, however, also weaknesses of this type of e-commerce, 
often called mobile e-commerce, or m-commerce. Due to their small size and easy 
portability mobile devices can easily be lost or stolen. Whereas the economic values and 
privacy threats protected with Personal Identification Numbers (PIN) ar ... 

Keywords: measure, mobile device, probability, risks, security, uncover 



6 An authentication-combined access control scheme using a geometric approach in distributed systems

Woei-Jiunn Tsaur, Shi-Jinn Horng, Chia-Ho Chen 

April 1997 Proceedings of the 1997 ACM symposium on Applied computing SAC '97 
Publisher: ACM Press 




Keywords: access control, cryptography, distributed systems, user authentication 



7 Role-based access control on the web 
Joon S. Park, Ravi Sandhu, Gail-Joon Ahn 

February 2001 ACM Transactions on Information and System Security (TISSEC), volume 4 Issue 1
Publisher: ACM Press 

Current approaches to access control on the Web servers do not scale to enterprise-wide 
systems because they are mostly based on individual user identities. Hence we were 
motivated by the need to manage and enforce the strong and efficient RBAC access 
control technology in large-scale Web environments. To satisfy this requirement, we 
identify two different architectures for RBAC on the Web, called user-pull and server-pull. 
To demonstrate feasibility, we im ... 

Keywords: WWW security, cookies, digital certificates, role-based access control 



8 Secure authentication system for public WLAN roaming

Ana Sanz Merino, Yasuhiko Matsunaga, Manish Shah, Takashi Suzuki, Randy H. Katz 
June 2005 Mobile Networks and Applications, volume 10 issue 3 
Publisher: Kluwer Academic Publishers 


A serious challenge for seamless roaming between independent wireless LANs (WLANs) is 
how best to confederate the various WLAN service providers, each having different trust 
relationships with individuals and each supporting their own authentication schemes, 
which may vary from one provider to the next. We have designed and implemented a 
comprehensive single sign-on (SSO) authentication architecture that confederates WLAN 
service providers through trusted identity providers. Users select the app ... 

Keywords: authentication, link layer security, policy control, roaming, wireless LAN 




9 Services: Secure authentication system for public WLAN roaming
Yasuhiko Matsunaga, Ana Sanz Merino, Takashi Suzuki, Randy H. Katz 
September 2003 Proceedings of the 1st ACM international workshop on Wireless 
mobile applications and services on WLAN hotspots WMASH '03 
Publisher: ACM Press 


A serious impediment for seamless roaming between independent wireless LANs (WLANs) 
is how best to confederate the various WLAN service providers, each having different trust 
relationships with individuals and each supporting their own authentication schemes which 
may vary from one provider to the next. We have designed and implemented a 
comprehensive single sign-on (SSO) authentication architecture that confederates WLAN 
service providers through trusted identity providers. Users select the app ... 

Keywords: authentication, hotspot, link layer security, policy control, roaming, single 
sign-on, wireless LAN 



10 Unlinkable serial transactions: protocols and applications 
Stuart G. Stubblebine, Paul F. Syverson, David M. Goldschlag 

November 1999 ACM Transactions on Information and System Security (TISSEC), Volume 2 Issue 4
Publisher: ACM Press 


We present a protocol for unlinkable serial transactions suitable for a variety of
network-based subscription services. It is the first protocol to use cryptographic blinding to enable
subscription services. The protocol prevents the service from tracking the behavior of its
customers, while protecting the service vendor from abuse due to simultaneous or cloned 
use by a single subscriber. Our basic protocol structure and recovery protocol are robust 
against failure in protocol termination. ... 

Keywords: anonymity, blinding, cryptographic protocols, unlinkable serial transactions



11 Data Security
Dorothy E. Denning, Peter J. Denning

September 1979 ACM Computing Surveys (CSUR), volume 11 issue 3

Publisher: ACM Press 




12 A secure and private system for subscription-based remote services 
Pino Persiano, Ivan Visconti

November 2003 ACM Transactions on Information and System Security (TISSEC), Volume 6 Issue 4
Publisher: ACM Press 


In this paper we study privacy issues regarding the use of the SSL/TLS protocol and 
X.509 certificates. Our main attention is placed on subscription-based remote services 
(e.g., subscription to newspapers and databases) where the service manager charges a 
flat fee for a period of time independent of the actual number of times the service is 
requested. We start by pointing out that restricting the access to such services by using 
X.509 certificates and the SSL/TLS protocol, while preserving the in ... 

Keywords: Access control, anonymity, cryptographic algorithms and protocols, privacy, 
world-wide web 



13 Integrating security in a large distributed system 
M. Satyanarayanan

August 1989 ACM Transactions on Computer Systems (TOCS), volume 7 issue 3
Publisher: ACM Press 


Andrew is a distributed computing environment that is a synthesis of the personal 
computing and timesharing paradigms. When mature, it is expected to encompass over 
5,000 workstations spanning the Carnegie Mellon University campus. This paper examines 
the security issues that arise in such an environment and describes the mechanisms that 
have been developed to address them. These mechanisms include the logical and physical 
separation of servers and clients, support for secure communication ... 

14 Mobility support and location awareness: An approach to enhance inter-provider roaming through secret sharing and its application to WLANs

Ulrike Meyer, Jared Cordasco, Susanne Wetzel

September 2005 Proceedings of the 3rd ACM international workshop on Wireless
mobile applications and services on WLAN hotspots WMASH '05
Publisher: ACM Press 

In this paper, we show how secret sharing can be used to address a number of
shortcomings in state-of-the-art public-key-based inter-provider roaming. In particular, 
the new concept does not require costly operations for certificate validation by the mobile 
device. It furthermore eliminates the need for a secure channel between providers upon 
roaming. We demonstrate the new approach by introducing a new protocol, EAP-TLS-KS, 
for roaming between 802.11i-protected WLANs. In addition, we show that ... 

Keywords: 802.11i, EAP-TLS-KS, PKI, WLAN, distributed DSS, inter-provider roaming,
micropayment scheme, secret sharing 



15 Applications, services, and architecture: Smart edge server: beyond a wireless
access point

G. Manjunath, T. Simunic, V. Krishnan, J. Tourrilhes, D. Das, V. Srinivasmurthy, A. 
McReynolds 

October 2004 Proceedings of the 2nd ACM international workshop on Wireless mobile 
applications and services on WLAN hotspots WMASH '04 

Publisher: ACM Press 


Wireless access at cafes, airports, homes and businesses has proliferated all over the
globe with several different Wireless Internet Service Providers. Similarly, digital media 
has created a paradigm shift in media processing resulting in a complete change in media 
usage models, revamped existing businesses and has introduced new industry players. 
We believe there is a tremendous opportunity for application and system services at the 
intersection of the above two domains for exploiting the ... 

Keywords: access point, low-power, management, media, security, wireless 

16 Security: Zero-interaction authentication 
Mark D. Corner, Brian D. Noble 

September 2002 Proceedings of the 8th annual international conference on Mobile 
computing and networking MobiCom '02 

Publisher: ACM Press 


Laptops are vulnerable to theft, greatly increasing the likelihood of exposing sensitive 
files. Unfortunately, storing data in a cryptographic file system does not fully address this 
problem. Such systems ask the user to imbue them with long-term authority for 
decryption, but that authority can be used by anyone who physically possesses the 
machine. Forcing the user to frequently reestablish his identity is intrusive, encouraging 
him to disable encryption. Our solution to this problem is Zero- ... 

Keywords: cryptographic file systems, mobile computing, stackable file systems, 
transient authentication 

SSL is the de facto standard today for securing end-to-end transport on the Internet.
While the protocol itself seems rather secure, there are a number of risks that lurk in its
use, for example, in web banking. However, the adoption of password-based key-
exchange protocols can overcome some of these problems. We propose the integration of 
such a protocol (DH-EKE) in the TLS protocol, the standardization of SSL by IETF. The 
resulting protocol provides secure mutual authentication and key establi ... 

Keywords: Authenticated key exchange, dictionary attack, key agreement, password, 

It has been recognized for some time that software alone does not provide an adequate
foundation for building a high-assurance trusted platform. The emergence of industry- 
standard trusted computing technologies promises a revolution in this respect by 
providing roots of trust upon which secure applications can be developed. These 
technologies offer a particularly attractive platform for security in peer-to-peer 
environments. In this paper we propose a trusted computing architecture to enforce ac .. 

How does a machine know who is using it? Current systems authenticate their users
infrequently, and assume the user's identity does not change. Such persistent 
authentication is inappropriate for mobile and ubiquitous systems, where associations 
between people and devices are fluid and unpredictable. We solve this problem with 
Transient Authentication, in which a small hardware token continuously authenticates the 
user's presence over a short-range, wireless link. We present the fo ... 